Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Chí-Thanh Christopher Nguyễn <chithanh@g.o>
Subject: Re: UEFI secure boot and Gentoo
Date: Fri, 15 Jun 2012 06:57:06 +0200
Greg KH schrieb:
> So, anyone been thinking about this?  I have, and it's not pretty.
> 
> Should I worry about this and how it affects Gentoo, or not worry about
> Gentoo right now and just focus on the other issues?
> 
> Minor details like, "do we have a 'company' that can pay Microsoft to
> sign our bootloader?" is one aspect from the non-technical side that I've
> been wondering about.

For the current crop of hardware, it is probably sufficient to add a
paragraph to the handbook which tells the user to disable secure boot.

Getting users' self-compiled boot loaders signed with a Gentoo key is
probably infeasible.

If you have influence on UEFI secure boot spec, you could suggest that
they mandate a UI which lists all boot images known to the EFI boot
manager, and the user can easily whitelist both individual loaders and
the keys used to sign them.


Best regards,
Chí-Thanh Christopher Nguyễn


Replies:
Re: UEFI secure boot and Gentoo
-- Greg KH
Re: UEFI secure boot and Gentoo
-- Luca Barbato
References:
UEFI secure boot and Gentoo
-- Greg KH
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Re: UEFI secure boot and Gentoo
Next by thread:
Re: UEFI secure boot and Gentoo
Previous by date:
Re: UEFI secure boot and Gentoo
Next by date:
Re: UEFI secure boot and Gentoo


Updated Jun 23, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.